Reporting

trying to get a monthly report

wye054
New Member

Hi ,

I am trying to get an monthly report, where the x axis will represent week 1 , week 2 , week 3 and 4 and y axis for transaction.my requirement is suppose week 1 starts from 1stJan'2014 then
in the report it should be like on column 1stjan to 7th Jan , 2nd one from 8thJan 14th janetc , but in my case i am able to see only 1st jan, 8th jan , 15th jan etc, i am using
sourcetype="*Ledf.log" tid|rex field=_raw "\stid((?\d+)"|dedup tid | eval status = if(error == 200, "OK", "Error")| timechart count as Trans span=7D
| eval date=strftime(_time, "%x")

can somebody help me on this

Tags (2)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

If I understand correctly, you want each column of the chart to have start and end dates. Isn't the end date of a column implied by the start date of the next column? Having the extra dates would only make the X-axis label harder to read.

---
If this reply helps you, Karma would be appreciated.
0 Karma

linu1988
Champion

why don't you try this?

sourcetype="*Ledf.log" tid|rex field=_raw "stid((?<tid>d+)"|dedup tid |bucket _time span=1w | eval status = if(error == 200, "OK", "Error")| timechart count as Trans

Or if you want to show the dates directly then you need to use the stats command to extract the date and time of the year then make a chart rather than a timechart

sourcetype="*Ledf.log" tid|rex field=_raw "stid((?<tid>d+)"|dedup tid |bucket _time span=1w|eval TimeStamp=strftime(_time,"%A %d/%m/%Y") | eval status = if(error == 200, "OK", "Error")|chart count as Trans by TimeStamp
0 Karma

wye054
New Member

Yes you are right . But could you please tell me how to get the enddate in the column ..

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...